-
DDOS protection dashboard
There is currently no dashboard displaying the status of the DDOS protection. It would be nice to have some metrics like standard traffic levels, usual attack types, burst absorbed, etc.0
-
Support a new action for malicious user mitigation methods
We currently support CAPTCHA, Block and JS challenge. If we can support 'Header Inserion' as a new action for the malicious user detection feature, customers can consume that the suspicion score in other security devices.
3
-
Reporting Enhancement for Low and Slow DDoS Attack reporting
Dear all During the troubleshooting of a deployment we were experiencing HTTP response codes of 408, without understanding the reason. Opening a support ticket we were informed that the HTTP POST was identified as a Low and Slow and the 408 was th...0
-
Can I limit file type for uploads via Service Policies?
I want to restrict the types of files that can be uploaded to the website. Can this be achieved through Service Policies?0
-
Auto-Mitigation feature of CSD
WAAP's CSD(Client-Side Defense) can detect web skimming threats, but it doesn't automatically mitigate them. Users need to regularly check the console and set up mitigation manually if issues arise. But with AWAF Ver. 17.1.0's CSD profile, mitigat...1
-
Logon page protection similar to ASM feature
It would be great to protect app logon pages or any other web forms against brute force attacks. Similar like BIG-IP ASM logon page protection.0
-
custom response code or route when match on LB's common policy custom rule
why - Today when a custom rule is set to Deny traffic, the default 403 resp code and message is sent. I have a scenario where for some traffic the default error code is appropriate but for other traffic matching specific conditions which include a...0
-
limit the file size of uploads
No description provided0
-
Audit Log Alerting - non-SSO log in
There is a risk concern around the ability of a tenant admin to log in directly or through SSO (Oauth) to our tenant. I would like the ability to alert when a non-SSO log in occurs as we adopt a policy that non-SSO log in is only performed for eme...0
-
add a time of day attributed to rate limits
Most applications expect higher volumes during the day and lower volumes over night. Being able to set rate limits for specific times of day will avoid false positives that occur when you try to set a limit that works for the whole day and will al...